diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs index 6bcd946..939d30b 100644 --- a/src/api/core/ciphers.rs +++ b/src/api/core/ciphers.rs @@ -388,8 +388,80 @@ fn delete_cipher(uuid: String, headers: Headers, conn: DbConn) -> EmptyResult { fn delete_cipher_selected(data: Json, headers: Headers, conn: DbConn) -> EmptyResult { let data: Value = data.into_inner(); - println!("{:#?}", data); - unimplemented!() + let uuids = match data.get("ids") { + Some(ids) => match ids.as_array() { + Some(ids) => ids.iter().filter_map(|uuid| {uuid.as_str()}), + None => err!("Posted ids field is not an array") + }, + None => err!("Request missing ids field") + }; + + for uuid in uuids { + let cipher = match Cipher::find_by_uuid(uuid, &conn) { + Some(cipher) => cipher, + None => err!("Cipher doesn't exist") + }; + + if cipher.user_uuid != headers.user.uuid { + err!("Cipher is not owned by user") + } + + // Delete attachments + for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); } + + // Delete cipher + cipher.delete(&conn); + } + + Ok(()) +} + +#[post("/ciphers/move", data = "")] +fn move_cipher_selected(data: Json, headers: Headers, conn: DbConn) -> EmptyResult { + let folder_id = match data.get("folderId") { + Some(folder_id) => { + match folder_id.as_str() { + Some(folder_id) => { + match Folder::find_by_uuid(folder_id, &conn) { + Some(folder) => { + if folder.user_uuid != headers.user.uuid { + err!("Folder is not owned by user") + } + Some(folder_id.to_string()) + } + None => err!("Folder doesn't exist") + } + }, + None => err!("Folder id provided in wrong format") + } + }, + None => None + }; + + let uuids = match data.get("ids") { + Some(ids) => match ids.as_array() { + Some(ids) => ids.iter().filter_map(|uuid| {uuid.as_str()}), + None => err!("Posted ids field is not an array") + }, + None => err!("Request missing ids field") + }; + + for uuid in uuids { + let mut cipher = match Cipher::find_by_uuid(uuid, &conn) { + Some(cipher) => cipher, + None => err!("Cipher doesn't exist") + }; + + if cipher.user_uuid != headers.user.uuid { + err!("Cipher is not owned by user") + } + + // Move cipher + cipher.folder_uuid = folder_id.clone(); + cipher.save(&conn); + } + + Ok(()) } #[post("/ciphers/purge", data = "")] diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 07b2ff0..cbfb97a 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -36,6 +36,7 @@ pub fn routes() -> Vec { delete_cipher, delete_cipher_selected, delete_all, + move_cipher_selected, get_folders, get_folder,